Skip to content

Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service

Low severity GitHub Reviewed Published Nov 21, 2018 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

maven org.apache.hive:hive (Maven)

Affected versions

< 0.13.1

Patched versions

0.13.1
maven org.apache.hive:hive-exec (Maven)
< 0.13.1
0.13.1
maven org.apache.hive:hive-service (Maven)
< 0.13.1
0.13.1

Description

Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.

References

Published to the GitHub Advisory Database Nov 21, 2018
Reviewed Jun 16, 2020
Last updated Jan 9, 2023

Severity

Low

EPSS score

0.059%
(26th percentile)

Weaknesses

CVE ID

CVE-2014-0228

GHSA ID

GHSA-w4x9-4f5x-8jj8

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.